June 6, 2023

[Information Security Daily]On January 10, 2023, researchers revealed the weaknesses of the Text-to-SQL machine learning model and the JsonWebToken vulnerability of the NPM suite, which may lead to the exposure of 22,000 projects

In order to allow users to query SQL databases through natural language (NLP), many databases use Text-to-SQL machine learning models, but researchers have found that hackers can design some question inputs to make this machine learning The model generates malicious code and executes it, thereby stealing data or blocking the operation of the database. The NPM suite JsonWebToken high-risk vulnerability CVE-2022-23529, which was publicly disclosed half a year ago, researchers released more details this week. They said that the scope of the vulnerability is quite extensive, and more than 22,000 projects will be affected. Users are urged to respond Fix asap. The U.S. government intends to create an AI-based information security analysis sandbox system CAP-M, and intends to share its analysis results with public departments, enterprises, and academic institutions. The news website The Register pointed out that this sandbox should be part of US President Joe Biden’s defense policy.

Ewen Eagle

I am the founder of Urbantechstory, a Technology based blog. where you find all kinds of trending technology, gaming news, and much more.

View all posts by Ewen Eagle →

Leave a Reply

Your email address will not be published.